This invention relates to wireless devices operating in accordance with the IEEE 802.11 standard and, more specifically, to a wireless authentication protocol for authenticating such devices.
The conventional Extensible Authentication Protocol (EAP) was originally designed to provide a framework for introducing new authentication methods into the Point-to-Point Protocol (PPP) without changing the link layer. Even though EAP was designed to operate as part of PPP, it is sufficiently flexible to be mapped onto virtually any framed link layer. The IEEE 802.1X EAP over LAN (EAPOL) specification defines a method for encapsulating EAP packets in Ethernet or Token Ring frames so that they may be transmitted over a LAN.
Wired Equivalent Privacy (WEP), the security service defined by the IEEE 802.11 specification, encrypts data traffic between a wireless client (or peer) and a network access server (NAS) under an encryption key. The WEP key also serves to authenticate each client station: a station must hold the current key to access the network, and the NAS, in the wireless case also called an access point (AP), must likewise hold the key to participate in the wireless network. Originally an AP had a single key, which had to be programmed into every client radio transceiver, and all traffic in the wireless cell was encrypted under that one key. With EAP authentication, the AP (or equivalently the centralized Authentication, Authorization, and Accounting (AAA) server acting on its behalf) may instead derive a unique session key for each client, based on user-specific data, without any key having been pre-programmed. The particular authentication protocol and key distribution protocol are left to vendors to develop.
The wireless AP often relies on the centralized AAA server to authenticate the clients on its behalf. One of the more popular types of AAA servers is a RADIUS (Remote Authentication Dial-In User Service) server. Extensions to the RADIUS protocol have been defined to allow the transfer of EAP packets between the AAA server and the AP. In this case, the AP is just a relay agent in the authentication conversation that takes place between the wireless client and the RADIUS AAA server. The RADIUS server informs the AP of the result of the client authentication and whether to allow the client to access the network. Other parameters may be returned as well, including session keys for use between the client and the AP.
In the wireless environment it is very easy for a rogue AP to masquerade as a valid AP and capture all of the client traffic, so the client must be able to verify that it is connecting to the legitimate network. One way to defeat this “man-in-the-middle” attack by a rogue AP is to incorporate mutual authentication, such that the client verifies the identity of the AP (or of the network behind it) as well as the AP verifying the client.
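The mutual challenge-response exchange described above, as an added illustration that is not the protocol of this patent: both sides prove knowledge of the same password-derived key before either derives a session key, and a rogue AP that does not hold the credential cannot produce the network-side response, so the client refuses it. HMAC-SHA256 as the keyed function, SHA-256 of the password as the stored verifier, the message names, and the credential store are all assumptions made for the example; the AP and AAA server are collapsed into one `Network` party because the AP is only a relay.

```python
import hashlib
import hmac
import secrets


def password_key(password):
    # Illustrative stand-in for whatever password-derived value the AAA
    # back end is willing to release (assumption: SHA-256 of the password).
    return hashlib.sha256(password.encode("utf-8")).digest()


# Constructed credential store held by the AAA server (sample data).
USER_DB = {"alice": password_key("correct horse battery staple")}


def prf(key, label, *parts):
    # Keyed pseudo-random function over a role label and length-prefixed
    # transcript fields; HMAC-SHA256 is an assumption, not the patent's scheme.
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class Client:
    """Wireless peer: knows only its username and password."""

    def __init__(self, username, password):
        self.username = username
        self.key = password_key(password)
        self.session_key = None

    def start(self):
        # EAP-Response/Identity, relayed by the AP to the AAA server.
        return self.username

    def respond(self, net_challenge):
        # Answer the network's challenge and issue our own, so the network
        # must prove knowledge of the same password before we trust it.
        self.net_challenge = net_challenge
        self.peer_challenge = secrets.token_bytes(16)
        resp = prf(self.key, b"peer-response", self.username.encode(), net_challenge)
        return resp, self.peer_challenge

    def verify_network(self, net_response):
        expected = prf(self.key, b"network-response", self.username.encode(), self.peer_challenge)
        if not hmac.compare_digest(expected, net_response):
            return False  # rogue AP: cannot compute this without the password
        self.session_key = prf(self.key, b"session-key", self.net_challenge, self.peer_challenge)
        return True


class Network:
    """AAA server side. The AP only relays EAP messages and receives the key."""

    def __init__(self, user_db):
        self.user_db = user_db
        self.session_key = None
        self.peer_authenticated = False

    def challenge(self, username):
        self.username = username
        self.net_challenge = secrets.token_bytes(16)
        return self.net_challenge

    def verify_peer(self, peer_response, peer_challenge):
        key = self.user_db.get(self.username)
        if key is None:
            return None  # unknown user -> EAP-Failure
        expected = prf(key, b"peer-response", self.username.encode(), self.net_challenge)
        if not hmac.compare_digest(expected, peer_response):
            return None  # wrong password -> EAP-Failure, no network response leaked
        self.peer_authenticated = True
        self.session_key = prf(key, b"session-key", self.net_challenge, peer_challenge)
        return prf(key, b"network-response", self.username.encode(), peer_challenge)


class RogueAP(Network):
    """Impostor without the credential store: accepts anyone and bluffs."""

    def __init__(self):
        super().__init__({})

    def verify_peer(self, peer_response, peer_challenge):
        return secrets.token_bytes(32)  # forged network response


def run_exchange(client, network):
    """Drive the four-message flow. Returns (client_trusts_network,
    network_trusts_client, both_sides_derived_same_key)."""
    username = client.start()
    net_challenge = network.challenge(username)
    peer_response, peer_challenge = client.respond(net_challenge)
    net_response = network.verify_peer(peer_response, peer_challenge)
    if net_response is None:
        return False, False, False
    client_ok = client.verify_network(net_response)
    keys_match = client_ok and client.session_key == network.session_key
    return client_ok, network.peer_authenticated, keys_match


if __name__ == "__main__":
    print(run_exchange(Client("alice", "correct horse battery staple"), Network(USER_DB)))
    print(run_exchange(Client("alice", "guess"), Network(USER_DB)))
    print(run_exchange(Client("alice", "correct horse battery staple"), RogueAP()))
```

One caveat of this illustrative design, shared by any password-based challenge-response: the client answers the network's challenge before the network has proved itself, so a rogue AP still collects a challenge/response pair it can use to guess weak passwords offline. Mutual authentication stops the rogue from being accepted and from learning the session key; it does not remove the need for strong passwords.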
Further, the protocol must be efficiently executable. The processor in most wireless radio transceiver cards is fairly simple, must be programmed in assembly language, and runs at a low clock speed compared with current host systems. The protocol must therefore be designed so that its code fits in the code memory of the radio card, and the algorithm must run quickly enough that normal data traffic is not blocked for long, especially while roaming from one AP to another.
In the first implementations of EAP in the wireless LAN world, the authentication method used public key cryptography supported by a Public Key Infrastructure (PKI). This is very compute-intensive and is handled on the client side by the host processor of the computer to which the radio card is attached. The only other defined authentication method was too simple and did not provide mutual authentication. To support embedded systems such as printers, and host machines whose operating systems lacked the support routines needed for PKI authentication, a new method was needed that could be embedded in the client radio card firmware. In this way only minimal host support is needed, namely supplying a username and password to the radio card.
The new protocol must also integrate easily with RADIUS. Most RADIUS servers consist of a module that handles the RADIUS protocol itself, interfaces with one or more back-end database modules, and performs the actual verification of the client information. The new authentication scheme must be supportable by a large number of these database modules. Further, since some form of the username and password information must be passed to the AP for generation of an encryption key, the protocol must take into account what information about the user's password the database modules are willing to release.
Thus what is needed is a wireless authentication protocol that resides within EAP, provides mutual authentication between the network infrastructure and the user, securely derives random user-specific cryptographic session keys, is compatible with existing and widespread network authentication mechanisms (e.g., RADIUS), is computationally efficient, and provides a single sign-on capability compatible with popular vendor networking architectures, e.g., Microsoft™.